johno/beads
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: skip /etc/passwd check on Windows in security test (#363)

Browse Source 
Fixes #362

The test TestCleanupMergeArtifacts_CommandInjectionPrevention was failing on Windows because it checks for /etc/passwd, which is a Unix-specific file that doesn't exist on Windows.

Added runtime.GOOS check to skip the /etc/passwd verification on Windows while maintaining the security check on Unix systems.
This commit is contained in:
cerebustech-dev
2025-11-23 00:49:29 +00:00
committed by GitHub
parent 599c40c703
commit 3aeca3413a
1 changed files with 14 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
cmd/bd/merge_security_test.go
View File

@@ -3,6 +3,7 @@ package main
import ( import (
"os" "os"
"path/filepath" "path/filepath"
"runtime"
"testing" "testing"
) )
@@ -110,9 +111,12 @@ func TestCleanupMergeArtifacts_CommandInjectionPrevention(t *testing.T) {
// exec.Command safely handled the filename. // exec.Command safely handled the filename.
// Verify that sensitive paths are NOT affected // Verify that sensitive paths are NOT affected
// Note: /etc/passwd only exists on Unix systems, so skip this check on Windows
if runtime.GOOS != "windows" {
if _, err := os.Stat("/etc/passwd"); err != nil { if _, err := os.Stat("/etc/passwd"); err != nil {
t.Errorf("Command injection may have occurred - /etc/passwd missing") t.Errorf("Command injection may have occurred - /etc/passwd missing")
} }
}
}) })
} }
} }